from the black-box dept

Back in December, we reported on how France sneakily enacted a controversial surveillance law on Christmas Eve, obviously hoping nobody would notice. Now the French government is quite brazenly saying last year's law didn't go far enough, and that it must bring in yet another surveillance law that is even more intrusive, and do it quickly with only minimal scrutiny. Here are just some of the problems with the new bill according to Human Rights Watch:

Serious flaws include expansive powers for the prime minister to authorize surveillance for purposes far beyond those recognized in international human rights law; lack of meaningful judicial oversight; requirements for private service providers to monitor and analyze user data and report suspicious patterns; prolonged retention periods for some captured data; and little public transparency.

That requirement for ISPs to install "black boxes" for algorithmic surveillance of "suspicious patterns" is particularly troubling:

The bill's requirement for service providers to install secret, unspecified, state-provided means of analyzing suspicious patterns -- for example, visits to websites advocating terrorism, or contacts with persons under investigation -- could potentially be applied to a virtually unlimited set of indicators, Human Rights Watch said.

Once these black boxes are in place, it can only be a matter of time before the copyright industry starts pushing to use them to detect copyright infringement. After all, it will doubtless point out, since the equipment will already be there, it wouldn't impose any further costs on service providers to carry out such scans. Who could possible object? Leading French Internet companies certainly do. As ZDNet reports, some are threatening to leave the country if the law is passed in its present form when it comes to the final vote on 5 May:

Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto "exile" if the French government goes ahead with the "real-time capture of data" by its intelligence agencies.

The companies argued that being required by the law to install "black boxes" on their networks will "destroy a major segment of the economy," and if passed it will force them to "move our infrastructure, investments, and employees where our customers will want to work with us."

The companies say that between 30 to 40% of their turnover comes from customers outside France, attracted by the current framework's strong protection for online privacy (original in French.) It's a great gesture, but the question is: could the companies carry out their threat? After all, given the rush to introduce far-reaching surveillance laws in many other European countries, it's not clear where exactly those companies could go. Even Switzerland, that old standby, has its surveillance programs, and the risk is that it, too, will bring in measures like those of its neighbors.

from the better-than-just-taking-them-down... dept

It seems like, as in the US with Senator Lieberman's desire for censorship, a French politician has also been looking to censor Wikileaks, which has been partially hosted by French firm OVH. However, rather than just folding, PrometheeFeu alerts us to the news that OVH notes that their job is to run infrastructure and they have no feelings one way or another about Wikileaks itself. However, due to all of the publicity and controversy, they're asking a judge if it's okay for them to do what they're doing (Google translation of the original French). They specifically state that they don't think it should be up to politicians (or the company itself) to decide but that a court of law should actually determine if it's legal. That certainly seems like a better solution than just taking it down...